Classifications

• • G—PHYSICS
  • G07—CHECKING-DEVICES
  • G07F—COIN-FREED OR LIKE APPARATUS
  • G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
  • G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/02—Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
  • G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
  • G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
  • G06Q20/325—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wireless networks
  • G06Q20/3255—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wireless networks using mobile network messaging services for payment, e.g. SMS
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
  • G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
  • G06Q20/354—Card activation or deactivation
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/38—Payment protocols; Details thereof
  • G06Q20/385—Payment protocols; Details thereof using an alias or single-use codes
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/38—Payment protocols; Details thereof
  • G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/38—Payment protocols; Details thereof
  • G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
  • G06Q20/403—Solvency checks
  • G06Q20/4037—Remote solvency checks

Definitions

• the present invention relates generally to the field of card transactions, and more specifically to a method for improving the security of transactions, including financial transactions made by cards.
• a transaction card be it banking, credit payment or loyalty, is used at most a few minutes a day, while it is potentially usable 24 hours a day,
• This permanent activation is a fragility in case of ⁇ roJ or loss, especially between the moment the wearer notices the disappearance of his card and the one where he objects according to the procedures relating to the type of card.
• This fragility is even greater in the case of a payment on the Internet, or more generally in the case of a classic distance selling by telephone, where it is not necessary to physically dispose of the card, but only of its numbers.
• Fraudulent transactions may therefore be carried out without the knowledge of a cardholder, who only notices the fraud on receipt of his statement of account.
• Commercial law protects in principle the user, but the fraud exists and it is a brake to the development of online transactions.
• the present invention aims to overcome these disadvantages of the state of the art and to add a degree of security to conventional card payments, without jeopardizing existing security processes.
• a method of securing a payment transaction carried out using a payment card since the transaction involves communication with a payment authorization center and can only be carried out when an authorization is given by said center, characterized in that it comprises the implementation of an activation server in which is memorized, in association with each payment card, an activation identifier, and the following steps :
• Some preferred, but not limiting, aspects of this method are as follows: * The communication with the activation server at the initiative of the owner is established via a communication link chosen from fixed telephony, mobile telephony and the Internet.
• the activation identifier includes a telephone number of a telephone equipment of the owner.
• the activation identifier is contained in an alphanumeric message, in particular an SMS, sent to a predefined call number. * - the activation identifier is transmitted periodically by the activation server to the equipment used by the card owner to establish communication with the activation server.
• the activation identifier is transmitted in an ulphanurnal message, in particular an SMS.
• the activation identifier is periodically modified by the activation server.
• the method furthermore comprises, when the card is activated for a limited time, sending a message to the card owner, confirming said activation,
• said message is an alphanumeric message, in particular an SMS.
• the activation identifier includes a PIN code composed by the owner of the payment card.
• the method comprises, in case of failure in the establishment of the communication at the initiative of the owner of the card with the activation server, the establishment of a backup communication with said activation server.
• the method comprises, in case of failure in 1 ? the establishment of communication at the initiative of the owner of the card with the activation server, the automatic activation of the payment card according to a predefined schedule of activation periods.
• the activation server and the authorization center include a common technical platform.
• the invention proposes a credit card payment authorization center, of the type comprising communication means for the exchange of data with payment terminals, solvency verification means and / or or the existence of a declaration of theft or loss for a given card, and means for issuing conditional authorizations to said payment terminals, characterized in that it further comprises an interface with an activation server of card, and in that the issuing of an authorization to a payment terminal is also subordinate to the indication received from said server that a payment cam in question has been activated by an activation identifier obtained or generated independently. of the card itself.
• This method consists first of all in providing a transaction or payment card that is identical in all respects to the usual cards, except on one point: it is inactive in the normal state. It is located in the issuer databases as being in use, but inactive and therefore unusable as is: by default, a payment with this card will not be allowed.
• activation of the card for a transaction is effected by ways different from those of the electronic networks used to authorize transactions.
• the electronic money networks and the accepting terminals do not need to be modified and will continue to be used in the same way as they currently are.
• this activatable card can be proposed to bearers, and used in the current electronic payment network, without modification of the latter.
• terminals By accepting terminals, we mean: payment terminals, electronic merchants, ATMs (DAB), but also distributors of train tickets, shows, etc.
• DAB ATMs
• the card is activated, according to one of the processes that will be described below, it is recognized as a conventional card and the transaction takes place. If it is not activated, it is not recognized by the bearer authorization center, and the transaction is therefore refused,
• a first basic activation process involves a call from a fixed telephone: at the subscription of the contract, the bearer gives his landline number. This telephone number will be linked, in the information system of the issuer, to the card number to be activated.
• the card issuer provides the bearer with a telephone number to call to access the activation server. Activation is from home by calling this number. Authentication can be limited to identifying the calling number, or requesting the entry of a code on the landline keypad.
• the duration of activation can be programmed or defined at each call by a telephone keypad / activation server dialogue, the activation server then preferably having a voice server function to guide the user.
• a second example of a basic activation process puts a game on a mobile phone: the process is practically the same as that for the fixed telephone, but the use is much more flexible, since the call to the activation server can be done from anywhere, especially in the street in front of a cash machine, a few moments before inserting his card in the device, in a shop before going to the cash register, in a restaurant just before ask for the bill, etc.
• Authentication can possibly be reinforced by typing a code on the keyboard, and / or sending a preprograrnm message typically SMS type containing for example the first numbers of the card.
• Activation from a mobile phone can also be done entirely by sending an SMS.
• the server activat! it is then preferably designed to return an acknowledgment SMS to inform the wearer that his card is activated.
• the transmitter performs a periodic remote transmission to the mobile phone of the user, encrypted data to be integrated into an SMS to enhance the authenticity.
• securing can be ensured by reading the mobile phone number of the issuer conventionally encapsulated in the SMS sent.
• Activation by mobile phone is the one that ⁇ in the state of the art at the date of filing this application ⁇ a, one that offers the greatest flexibility and is therefore preferred.
• An example of an architecture on which the above processes can be implemented is illustrated in the figure.
• This architecture comprises a conventional authorization center CA, which is connected, typically via the PSTN switched telephone network, with a plurality of payment terminals TP capable of reading payment cards CP.
• Each owner of a CP card also has a telephone (here a mobile phone TM) able to enter into communication (here via the PC cellular network) with a SACT activation server.
• a telephone here a mobile phone TM
• the CA authorization center is interface (interface I) with the activation server SACT to fill the aforementioned function of checking the activated or unactivated character of a given card.
• the authorization center and the activation server can be hosted on a common technical platform.
• a third example of a basic activation process according to the invention is activation via the internet: the user accesses via the Internet, preferably using a standard browser, to the information system of the transmitter. with the same security levels as those offered by online banking.
• the user interface is designed to allow a very precise activation of the card with more detailed criteria such as a transaction ceiling, or the amount of the transaction that we are about to do, a type of transaction , the indication of the creditor bank, etc.
• This third example of activation according to the invention is particularly suitable for the case of Internet payments.
• this system can also be activated from a mobile terminal, be it a telephone, a personal digital assistant, a terminal type "Blackberry", a portable micro-computer connected to public wireless networks, etc.
• a mobile terminal be it a telephone, a personal digital assistant, a terminal type "Blackberry", a portable micro-computer connected to public wireless networks, etc.
• the processes as described above can of course be enriched by those skilled in the art so as to further improve safety.
• more elaborate payment cards may be provided, for example containing a dual identification system between the card itself and the terminal from which the activation server call is made.
• the activation of a card can be carried out for a given card only from a designated terminal, each having to recognize the identity of the other before launching the call for a card. activation.
• the payment card is not built on an inert support, but on a medium containing a RFID tag Lanspondeuse, the mobile terminal comprises an integrated RFID reader.
• the memories of the mobile terminal and the RFID tag carried by the payment card contain the respective identities of the terminal and the card. It is necessary to bring the card of the mobile device so that the identification of preference biunivoque is made between the card and the mobile terminal. And it is only in the case where the double identification is successful that the mobile terminal initiates the call to the activation server.
• the activatable card system is a system that allows the wearer to have an additional level of protection, without interfering with other protections, whether those of banks or merchants, and this as soon as a transaction by credit card involves the call of an authorization center.
• a second category of activation process groups processes that will activate its card in a backup mode, so can be used in case of malfunction always possible more elaborate systems described above.
• This second category includes: - a request for activation by mail, and preferably by fax or email: the holder writes to the managing department of his square to request activation for a limited period; Authentication of the requestor is assured by any appropriate means, such as predefined secret code.
• a predefined activation at the signing of the contract for the supply of the activabie card, the wearer chooses a rhythm of automatic LvaLion act according to a more or less complex calendar according to the uses it intends to make of it. For example, the activation will be done automatically every day for one hour from 10 am to 11 am, or then every hour for 5 minutes, or even 2 hours on Saturday morning, nothing on Sunday, 1 hour per day days week, etc. All the profiles are possible.
• This system can be offered systematically or on request as a backup from a faulty basic activation (cell phone network failure, failure of the external communications equipment of the art server, etc.).

Landscapes

• Business, Economics & Management (AREA)
• Engineering & Computer Science (AREA)
• Accounting & Taxation (AREA)
• Physics & Mathematics (AREA)
• General Physics & Mathematics (AREA)
• Theoretical Computer Science (AREA)
• General Business, Economics & Management (AREA)
• Strategic Management (AREA)
• Computer Networks & Wireless Communication (AREA)
• Computer Security & Cryptography (AREA)
• Finance (AREA)
• Microelectronics & Electronic Packaging (AREA)
• Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
• Telephonic Communication Services (AREA)
• Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)
• Storage Device Security (AREA)

Applications Claiming Priority (2)

Publications (2)

Family

ID=35385292

Family Applications (1)

Country Status (6)

Families Citing this family (18)

Family Cites Families (23)

• 2005
  • 2005-03-04 FR FR0502229A patent/FR2882880B1/fr not_active Expired - Fee Related
• 2006
  • 2006-03-06 EP EP06708650.4A patent/EP1899950B1/de not_active Not-in-force
  • 2006-03-06 WO PCT/EP2006/060478 patent/WO2006092446A1/fr active Application Filing
  • 2006-03-06 US US11/885,731 patent/US8887997B2/en not_active Expired - Fee Related
  • 2006-03-06 CN CNA2006800151433A patent/CN101203874A/zh active Pending
  • 2006-03-06 JP JP2007557522A patent/JP2008532157A/ja active Pending

Non-Patent Citations (1)

Also Published As

Similar Documents

Legal Events